Half Of UK Businesses Have Fallen For Phishing Attacks

Uploaded on 2019-03-25 in GOVERNMENT-Law Enforcement, FREE TO VIEW

Almost half of all British organisations have fallen victim to phishing attacks in the last two years, with larger businesses the most likely to been compromised, despite also being most likely to conduct cyber security training for staff. 

Research by security company Sophos has found that 45 percent of UK organisations were compromised by phishing attacks between 2016 and 2018, and that 54 percent had identified instances of employees replying to unsolicited emails or clicking the links in them.

Phishing emails are a common attack technique deployed in hacking campaigns, with hackers attempting to lure victims into downloading malware or entering sensitive credentials into a phony version of a website, such as a bank, a retailer, or a fake login page of the target organisation's own email system.

The attacks sound simple, but they're often deployed as the first step in campaigns by groups ranging from cyber-criminal gangs looking to make money, to nation-state-backed hacking groups looking to conduct espionage or cause disruption.
Even if there hasn't been any immediate or obvious damage, there's the potential for attackers to have gained persistent access to target networks, especially if the victim hasn't done anything to counter the attack.

"It's difficult to assess how successful attacks are being exploited. It could be anything from simple credential theft to a network compromise leading to a data breach and everything in between," John Shier, senior security expert at Sophos told ZDNet. 

There's also the potential that the attackers could gain further ground if there are instances of password re-use by the victim, which is why security professionals recommend that multi-factor authentication is applied across the enterprise.

"Regardless of the end goal, it's important to understand that once a cyber-criminal has your credentials, as far as the authentication systems know, they are you. This is why two-factor authentication is a must for all your accounts," said Shier.

While cyber criminals attack organisations of all sizes, the Sophos study, undertaken by Sapio Research, suggests that it's larger organisations that are more likely to fall victim to a phishing attack: 54 percent of organisations with between 500 and 1,000 employees have fallen victim to phishing in the past two years.

That figure drops to 39 percent for firms with 250 to 500 staff, and drops again to just 14 percent for businesses with under 250 people. While smaller firms are often said to be easier targets for hackers, it's likely that cyber criminals looking for a lucrative payday will be focusing their attentions on large organisations. However, with the threat that phishing poses, it's not something that any organisation of any size can afford to ignore, and senior executives should ensure their business has processes in place to attempt to prevent it from happening, as well as providing proper channels for employees to report suspected attacks.

"The reality is that 100 percent of organisations will be faced with fending off phishing attacks and unfortunately many attacks will succeed. Knowing that you've been compromised and reacting quickly is paramount," said Shier.

"Not only should organisations urge their users to report potential phishing attacks but also encourage a safe reporting environment for when users make a mistake," he added.

ZDNet:

For economic and accurate staff and management cyber security training that includes phishing security training please contact Cyber Security Intelligence.

You Might Also Read:

Hidden Truth About Cyber-Crime: Insider Threats

How To Develop Secure Cybersecurity Practices:

 

 

 

« Three In Five Politicians’ Websites Don’t Use Cyber Security
US Surveillance System Exposed By Snowden Goes Dormant »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Wizard Computing

Wizard Computing

Wizard Computer Services is a full service IT solutions provider that offers managed services, consultation, installation, and support to small and large businesses in New England.

Team8

Team8

Team8 is Israel’s most prestigious cybersecurity think tank and venture creation foundry.

Digital Transformation EXPO (DTX)

Digital Transformation EXPO (DTX)

Digital Transformation EXPO showcases the latest technology and insight from the world’s leading brands and experts in DX.

Axcient

Axcient

Axcient offers MSPs the most secure backup and disaster recovery technology stack with a proven Business Availability suite.

Critical Insight

Critical Insight

Critical Insight provide Managed Detection and Response, Vulnerability Detection, and Consulting Services to help you secure your mission-critical systems.

Blockchain Firm

Blockchain Firm

Blockchain Firm is a leading Blockchain based software solutions and service provider with our roots of expertise running deep into the technology.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

Axxum Technologies

Axxum Technologies

Axxum Technologies is a premier provider of Network Communications and Information Technology Security Solutions.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

Have I Been Pwned (HIBP)

Have I Been Pwned (HIBP)

Have I Been Pwned is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.

Truvantis

Truvantis

Truvantis is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization’s infrastructure, data, operations and products.

TRM Labs

TRM Labs

TRM enables risk management and compliance for a global community of financial institutions, cryptocurrency businesses and government agencies.

Turngate

Turngate

Turngate simplify security investigations so you can see employee activities and entitlements in your enterprise in seconds.

Miggo Security

Miggo Security

Miggo is the first Application Detection and Response (ADR) platform on a mission to stop application breaches.

Haiku

Haiku

Haiku stands at the forefront of cybersecurity upskilling, leveraging video games to immerse you in a flow state for accelerated, enduring learning.

Cyber Advisors

Cyber Advisors

Cyber Advisors offers customizable cyber security solutions and IT services for businesses of all sizes across the nation from experts you can trust.